Extracted

• • Target

    3c75446458d631359d19de18c09dfcbc5a616dc0c5d50f0df48d5fb818b8320d

  • Size

    301KB

  • MD5

    12df8cfc8d44bbb69eabbc577fc15615

  • SHA1

    5fc4df3b08a0d1e334f9a65400c2ba1d1c4e43ff

  • SHA256

    3c75446458d631359d19de18c09dfcbc5a616dc0c5d50f0df48d5fb818b8320d

  • SHA512

    b460945da31ea86c53e08e8dc24b49dbda16505731a18d13cf931b16b2b954a98f50e6b1e978d9c1d58ec9c1a81778497992c4b58210eed5a0d6e60f9db1a267

  • SSDEEP

    768:b8m1Sq4NQErBsH1tzoisBKQI6dObAG/dq8uW29Ifnca/yyR+P2ujfGiia2gXYX1e:Tsq+QV4rObAdXWpf/y+Wukcox

  Score

  10^/10

  xtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • UPX dump on OEP (original entry point)

  • Modifies Installed Components in the registry

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2